Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian....@packages.debian.org
Usertags: pu

Dear release team,

The Samba Team released a security update with a fix for CVE-2013-4124. Please
accept the attached patch for wheezy.

Thanks in advance.

Cheers,

Ivo

diff -Nru samba-3.6.6/debian/changelog samba-3.6.6/debian/changelog
--- samba-3.6.6/debian/changelog        2013-04-15 23:56:50.000000000 +0200
+++ samba-3.6.6/debian/changelog        2013-08-13 21:10:11.000000000 +0200
@@ -1,3 +1,11 @@
+samba (2:3.6.6-6+deb7u1) wheezy; urgency=low
+
+  * Security update
+  * CVE-2013-4124: Denial of service - CPU loop and memory allocation
+    Closes: #718781
+
+ -- Ivo De Decker <ivo.dedec...@ugent.be>  Tue, 13 Aug 2013 21:10:11 +0200
+
 samba (2:3.6.6-6) unstable; urgency=low
 
   * Team upload.
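Review bot: The header line of the new entry sets urgency=low although the body is a "* Security update" for CVE-2013-4124; consider whether a higher urgency would better match the nature of the upload. The CVE bullet could also name the file that carries the fix, debian/patches/security-CVE-2013-4124.patch, so the changelog records which patch was added.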
diff -Nru samba-3.6.6/debian/patches/security-CVE-2013-4124.patch 
samba-3.6.6/debian/patches/security-CVE-2013-4124.patch
--- samba-3.6.6/debian/patches/security-CVE-2013-4124.patch     1970-01-01 
01:00:00.000000000 +0100
+++ samba-3.6.6/debian/patches/security-CVE-2013-4124.patch     2013-08-13 
16:59:11.000000000 +0200
@@ -0,0 +1,39 @@
+CVE-2013-4124 (Missing integer wrap protection in EA list reading can cause
+server to loop with DOS).
+
+   All current released versions of Samba are vulnerable to a denial of
+   service on an authenticated or guest connection. A malformed packet
+   can cause the smbd server to loop the CPU performing memory
+   allocations and preventing any further service.
+
+   A connection to a file share, or a local account is needed to exploit
+   this problem, either authenticated or unauthenticated if guest
+   connections are allowed.
+
+   This flaw is not exploitable beyond causing the code to loop
+   allocating memory, which may cause the machine to exceed memory
+   limits.
+
+diff -u -r --new-file --exclude .svn --exclude CVS 
samba-3.6.16/source3/smbd/nttrans.c samba-3.6.17/source3/smbd/nttrans.c
+--- samba-3.6.16/source3/smbd/nttrans.c        2013-06-19 09:35:24.000000000 
+0200
++++ samba-3.6.17/source3/smbd/nttrans.c        2013-07-29 20:55:18.000000000 
+0200
+@@ -989,7 +989,19 @@
+               if (next_offset == 0) {
+                       break;
+               }
++
++              /* Integer wrap protection for the increment. */
++              if (offset + next_offset < offset) {
++                      break;
++              }
++
+               offset += next_offset;
++
++              /* Integer wrap protection for while loop. */
++              if (offset + 4 < offset) {
++                      break;
++              }
++
+       }
+ 
+       return ea_list_head;
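Review bot: Both added guards in the nttrans.c hunk, `if (offset + next_offset < offset)` and `if (offset + 4 < offset)`, only detect a wrap when the addition is carried out in an unsigned type, and the declarations of offset and next_offset lie outside the visible context. Please confirm both are unsigned in the packaged 3.6.6 source, since with signed operands the overflow is undefined and a compiler may drop the test. The embedded diff is taken between samba-3.6.16 and samba-3.6.17 (hunk at line 989) while the package is samba-3.6.6, so it is also worth confirming that it applies to the packaged nttrans.c without fuzz. The patch header is free text only; an origin line and a bug reference (the changelog cites #718781) would make the patch easier to trace.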
diff -Nru samba-3.6.6/debian/patches/series samba-3.6.6/debian/patches/series
--- samba-3.6.6/debian/patches/series   2013-01-31 20:53:43.000000000 +0100
+++ samba-3.6.6/debian/patches/series   2013-08-13 16:59:11.000000000 +0200
@@ -24,3 +24,4 @@
 0001-ndr-fix-push-pull-DATA_BLOB-with-NDR_NOALIGN.patch
 security-CVE-2013-0213.patch
 security-CVE-2013-0214.patch
+security-CVE-2013-4124.patch
